What are the consequences of not being GDPR compliant?

by Ted Wentzel

The General Data Protection Regulation will be in effect less than a year from now, which is why it’s important for everyone to understand the law as well as the consequences that come from not being compliant. Last week we kicked off a new series of blogs covering the basics of the European Union’s GDPR and why it’s important. Now that we have an idea of what to expect from this new law, we’re going to explore some of the repercussions for those who are not compliant.

The GDPR goes into effect on May 25, 2018. According to the GDPR website, “those organizations in non-compliance will face heavy fines” immediately at that time. There is going to be a tiered approach to determine the amount of the fine, which we’ll explain in more detail below:

Tiered Fines for Non-Compliance

Organizations that breach the GDPR can face fines of up to 4 percent of their annual global turnover or €20 million. This is the maximum amount, which is reserved for the most serious offenses, including:

not having sufficient customer consent to process data

violating the core of Privacy by Design concepts

For less severe breaches of the GDPR, organizations will face smaller, but still hefty, fines. For example, the following infractions could result in a fine of 2 percent of their annual global turnover:

not having their records in order

not notifying the supervising authority and data subject about a breach

not conducting impact assessments

These rules apply to both controllers and processors, so ‘clouds’ will still be subject to GDPR rules. To clarify, we’ll provide the definitions of processors and controllers below:

Data processor - an entity which processes personal data on behalf of the controller

Data controller - the entity that determines the purposes, conditions and means of the processing of personal data

Stay tuned for more GDPR topics including how to best prepare for the upcoming changes.